
Month: April 2017

Since the inception of the internet, the domain name system (DNS) has remained the bane of cyber safety experts everywhere. Its utilitarian design, though guaranteeing high functionality, compromises heavily on defenses. DNS security is thus an area of networking that users should pay more attention to. Incidentally, or rather ironically, it remains the area where the least amount of interaction takes place. Taking advantage of this, hackers frequently target the DNS in order to harm devices or steal data.

What is Switcher Trojan?
Android Trojan, or more popularly, Switcher Trojan, is malware designed to hack into users’ WiFi and take control of their network via the DNS. Detected by researchers at Kaspersky Lab, the malware has two versions: a copy of Chinese search engine Baidu’s mobile version, and a fraudulent version of an app that is used for locating and sharing WiFi information among users. Together, these two have attacked over 1,280 wireless networks, most of which were based in China.

How does it work?
Once a victim has downloaded either of the two malicious apps, the trojan sends a report to a command-and-control (C&C) server along with a network ID. Unlike most malware, Android Switcher doesn’t steal data from the user it has infiltrated; instead, it works on corrupting the entire network, thereby making the user an unwitting accomplice to the hack.

The trojan relies on a brute-force method to guess the password and thus log in to the web UI of the router. It tries various credentials until a match is found. For now, this method works only on TP-Link routers. If the attack is successful, the malware swaps the router’s ISP-provided DNS with its own rogue version. This means that domain names entered by the user are no longer resolved by the legitimate server but by one the attacker controls. As a precautionary measure, it also configures a legitimate Google DNS (8.8.8.8) as a secondary DNS in case the malicious server crashes. Thus, the user doesn’t detect anything suspicious.
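A defender can check for the swap described above by comparing the resolvers a device was handed against the ones that were actually issued. The sketch below is an added example, not code from the original article or from Kaspersky Lab; the trusted resolver list and both sample configurations are constructed assumptions using documentation addresses.

```python
import ipaddress

# Assumption: the resolvers your ISP or administrator actually issued.
# Constructed sample values from the RFC 5737 documentation ranges.
TRUSTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}
# Public resolvers; the text says Switcher keeps 8.8.8.8 as the secondary.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# Constructed resolv.conf contents, not captured from a real device.
SAMPLE_CLEAN = "nameserver 192.0.2.53\nnameserver 192.0.2.54\n"
SAMPLE_SWAPPED = "# set by DHCP\nnameserver 203.0.113.10\nnameserver 8.8.8.8\n"


def parse_nameservers(text):
    """Return the nameserver IPs, in order, from resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        # Drop '#' and ';' comments, then split into fields.
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                pass  # ignore malformed entries rather than trusting them
    return servers


def audit_resolvers(servers):
    """Return a list of findings; an empty list means nothing stood out."""
    known = TRUSTED_RESOLVERS | PUBLIC_RESOLVERS
    unknown = [s for s in servers if s not in known]
    findings = [f"unknown resolver {s}" for s in unknown]
    # The pattern from the text: unfamiliar primary, legitimate public fallback.
    if servers and servers[0] in unknown and \
            any(s in PUBLIC_RESOLVERS for s in servers[1:]):
        findings.append("unknown primary with public fallback")
    return findings


if __name__ == "__main__":
    for name, text in (("clean", SAMPLE_CLEAN), ("swapped", SAMPLE_SWAPPED)):
        print(name, audit_resolvers(parse_nameservers(text)))
```

The same comparison applies to the DNS fields on the router's own DHCP settings page, since that is where the change is made.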

What does this mean for you?
To access any website, we usually enter its URL into the search bar. A website, however, is not actually linked to this name. It is linked to an IP address provided by the IANA upon request. DNS, or Domain Name System, links the entered website name (or domain name) with its logical address and retrieves the information to make the webpage available to us.

Once the DNS is compromised, however, attackers can use rogue domains to lure unsuspecting users to any webpage of their choice. You may enter google.com, and you may see a page that looks exactly like google.com, but the data you enter will go not to Google but to a separate database maintained by the creators of the malware. They can now retrieve, analyze, and use any information you enter. This is DNS hijacking.

How to protect yourself
The brute-force method of hacking is not a sophisticated one. It relies primarily on the user’s lack of knowledge and the resulting vulnerability of a router. Most users never change their default passwords, and hence it becomes very easy to crack them. A strong password consisting of letters, digits, and special characters may take years to guess and thus will never be hacked.

Another good rule of thumb is to never download unsafe apps. APKs available from third-party sites are often malicious. When in doubt, stick to the official Play Store.

And, finally, always invest in good antivirus software. Malware like this can easily be detected by robust antivirus systems. Update your virus definitions periodically and you should be safe from most software trying to harm your device and resources.

IP address management (IPAM) is the process of planning, tracking, and managing the use of IP address ranges in networks of an exceptionally large size. ISPs and large-scale enterprises are confronted with the mind-boggling challenges of managing their IP spaces optimally on a day-to-day basis.

IP addresses are an essential part of any business network, and organizations of all shapes and sizes are using them up at a rapid pace, with more applications and devices than at any other time in recent memory. Overlooking the importance of keeping a grip on IP addresses can be the precursor of catastrophe. IP addresses are among the most problematic resources that must be managed in any network for your DNS security. Every networked application and device, from email and web connectivity to file storage, data centers, and network-attached printers, relies on IP and requires address management. This is why it is extremely important to look at the challenges one might face along the way:

Manual configuration of a large pool of host IP addresses. This process is quite prone to errors and is overly time-consuming, as it requires a network administrator at all times to sort out the mess. A detailed list of parameters and portions must be maintained, and this makes it a burden.

Lack of host-to-IP-address mapping protocols and procedures. A hostname is a human-readable name by which a network device (like a computer, server, modem, or printer) is identified on a network. Without hostname-to-IP-address mapping, network administrators would need to look up the location of devices physically, a very inefficient process.

Limited reliability and space of such systems. Fault tolerance and redundancy are crucial to the success of IP networks. The IPv4 specification provides an address space of thirty-two bits, which allows for over four billion addresses. Even with all the upcoming advancements, the limitations of IPv4 will remain.

Lack of perspective on IP consumption trends. IP address management encumbers you and your team with administrative overheads that are bulky, onerous, and may also prove to be error-prone.

A plethora of security loopholes, which may remain hidden most of the time.

Lack of single point visibility of large-scale

Overt complexity in network management which is a bane to simple IP address management.

Despite all these challenges, which vary in their structural complexity as well as in the solutions available, IPAM software has removed many hurdles from the path of efficient IP network administration. In such an environment, an integrated DHCP/DNS interface with setup wizards can ease the administrator's job with great flexibility and ease of configuration. A DHCP service uses templates to quickly set up address ranges and domains based on the classification of data that is fed to it.

For instance, each network segment may have the first 20 addresses reserved for servers, the next 10 addresses for printers, the next 10 for laptop clients, and the remaining for PCs.
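The allocation described above can be expressed as a small plan and used to audit an inventory for devices sitting in the wrong block, such as a laptop holding an address reserved for servers. This is an added example, not taken from any IPAM product; the subnet, hostnames, and lease records are constructed sample data, and only the block sizes come from the text.

```python
import ipaddress

# Role blocks in the order the text gives them: (role, number of addresses).
# None means "whatever is left in the segment".
PLAN = [("server", 20), ("printer", 10), ("laptop", 10), ("pc", None)]

# Constructed inventory: (hostname, ip, declared role).
SAMPLE_LEASES = [
    ("db01", "192.0.2.5", "server"),
    ("hp-lobby", "192.0.2.25", "printer"),
    ("hp-floor2", "192.0.2.77", "printer"),
    ("lt-042", "192.0.2.12", "laptop"),
]


def build_ranges(cidr, plan=PLAN):
    """Map each role to (first_ip, last_ip) within the usable hosts of cidr."""
    hosts = list(ipaddress.ip_network(cidr).hosts())  # fine for segment-sized nets
    ranges, start = {}, 0
    for role, size in plan:
        end = len(hosts) if size is None else start + size
        if end > len(hosts) or start >= end:
            raise ValueError(f"{cidr} is too small for role {role!r}")
        ranges[role] = (hosts[start], hosts[end - 1])
        start = end
    return ranges


def role_of(ip, ranges):
    """Return the role whose block contains ip, or None if outside the segment."""
    addr = ipaddress.ip_address(ip)
    for role, (first, last) in ranges.items():
        if first <= addr <= last:
            return role
    return None


def audit_leases(leases, ranges):
    """Return (hostname, ip, declared, actual) for every misplaced device."""
    return [(host, ip, declared, role_of(ip, ranges))
            for host, ip, declared in leases
            if role_of(ip, ranges) != declared]


if __name__ == "__main__":
    plan_ranges = build_ranges("192.0.2.0/24")
    for finding in audit_leases(SAMPLE_LEASES, plan_ranges):
        print(finding)
```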

Domain preferences allow administrators to set domain security settings for zone transfers, DDNS, notify, query, and configuration. When the IP address of a host changes, its DNS data is dynamically updated by DDNS to associate the current host name with the new IP address. This process allows you to eliminate WINS from your network and gives a comprehensive view of your network. Fault tolerance and redundancy are vital to the success of an IP and DNS management solution. Any commercially available DHCP solution must support the latest IETF draft for DHCP Failover. DHCP and DNS management software ought to run on Windows, Solaris, and Linux environments, with a web-based management utility to monitor, configure, and manage services from any operating system.

In this way, a little can go a long way in successful IP address management.